5

I'm providing access to a third-party service through SSH. That service installs some packages and does other kinds of configuration on my server. I want to know which commands or scripts are run by that service. Is there any way I can find that out?

The third-party service is an automatic system which does all this package installation and configuration.

2 Answers

6

Trying to log this with something like bash history is fundamentally flawed, because there are all kinds of ways for users to disable or avoid that, or to edit/delete the .bash_history file.

If you want a record of what they're doing you should set up auditd on the system, and have the logs sent to a remote log collection server that they have no access to. It's a good few years old now, but this question has some guidance on setting up auditd, and I'm sure you can find plenty of other more recent guides and references.

Gh0stFish
  • 159
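To illustrate the auditd approach from the answer above, here is an added example (not code from the answer's author): a Python parser that rebuilds the command lines a given account ran from raw audit.log records, including arguments that auditd writes hex-encoded. The audit rule in the comment, the login UID 1001, the key name thirdparty_exec and the sample records are assumptions constructed for the example; arguments that auditd splits across several fields are not handled.

```python
import re
from collections import defaultdict

# Assumed rule; 1001 is a hypothetical login UID (auid), which stays fixed across sudo/su:
#   -a always,exit -F arch=b64 -S execve -F auid=1001 -k thirdparty_exec
# Constructed sample records in raw audit.log format.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:101): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=0 comm="apt-get" exe="/usr/bin/apt-get" key="thirdparty_exec"
type=EXECVE msg=audit(1700000000.123:101): argc=4 a0="apt-get" a1="install" a2="-y" a3="nginx"
type=SYSCALL msg=audit(1700000003.456:102): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=0 comm="sh" exe="/usr/bin/dash" key="thirdparty_exec"
type=EXECVE msg=audit(1700000003.456:102): argc=3 a0="sh" a1="-c" a2=6563686F20646F6E65203E202F746D702F6D61726B6572
type=SYSCALL msg=audit(1700000009.000:103): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls" key=(null)
type=EXECVE msg=audit(1700000009.000:103): argc=1 a0="ls"
"""

EVENT_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and writes ones with spaces/specials as bare hex."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # e.g. key=(null)

def commands_for(log_text, auid, key):
    """Return [(timestamp, exe, argv)] for execve events matching auid and rule key."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD_RE.findall(body))
        ev = events[(ts, serial)]  # SYSCALL and EXECVE records share one event id
        if rtype == "SYSCALL":
            ev.update(auid=fields.get("auid"), key=decode(fields.get("key", "")),
                      exe=decode(fields.get("exe", "")))
        elif rtype == "EXECVE":
            argc = int(fields["argc"])
            ev["argv"] = [decode(fields[f"a{i}"]) for i in range(argc) if f"a{i}" in fields]
    ordered = sorted(events.items(), key=lambda kv: int(kv[0][1]))
    return [(float(ts), ev["exe"], ev["argv"]) for (ts, _), ev in ordered
            if ev.get("auid") == str(auid) and ev.get("key") == key and "argv" in ev]

if __name__ == "__main__":
    for row in commands_for(SAMPLE_LOG, 1001, "thirdparty_exec"):
        print(row)
```

Run it against the copy of the log held on the remote collection server, since that is the copy the monitored account cannot alter.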
2

Edit the .bashrc of your (third-party service's) user.

histappend

If set, the history list is appended to the history file when the shell exits, rather than overwriting the history file.

shopt -s histappend

To append every line to history individually set:

PROMPT_COMMAND='history -a'

With these two settings, a new shell will get the history lines from all previous shells instead of the default 'last window closed' history (the history file is named by the value of the HISTFILE variable).

Hiếu Vũ
  • 49
  • 4